antimatter.session_mixins.policy_rule_mixin#

Module Contents#

Classes#

PolicyRuleMixin

Session mixin defining policy rule CRUD functionality.
class antimatter.session_mixins.policy_rule_mixin.PolicyRuleMixin(domain: str, client_func: Callable[[], antimatter.client.DefaultApi], **kwargs)#

Session mixin defining policy rule CRUD functionality.

Parameters:

  • domain – The domain to use for the session.

  • client – The client to use for the session.

create_policy_rule(capability_rules: antimatter.builders.capability.CapabilityRulesBuilder, path: str, operation: str | antimatter.constants.domain_policy.Operation, result: str | antimatter.constants.domain_policy.Result, priority: int, facts: antimatter.builders.fact_policy.FactPoliciesBuilder | None = None, disabled: bool = False) Dict[str, Any]#

Create a policy rule for the domain.

Parameters:

  • capability_rules – Rules referring to domain identity capabilities. These rules are ANDed together

  • facts – Assert the existence or nonexistence of facts that reference the capability rules. These assertions will be ANDed together, and ANDed with the capability rules.

  • path – The path this rule governs. May contain glob expressions (e.g. ‘*’ and ‘**’)

  • operation – The operation to apply the policy to

  • result – Whether to ‘allow’ or ‘deny’ the operation performed that matches this rule

  • priority – The priority of this rule. Lower priority rules are evaluated first

  • disabled – If this rule is disabled or not

Returns:

A dictionary containing the created rule from the server

delete_policy_rule(rule_id: str)#

Delete a domain policy rule on the session’s domain.

Parameters:

rule_id – Identifier of the policy rule to delete

list_policy_rules()#

Get the domain’s policy rules.

Returns:

A list of policy rules.

update_policy_rule(rule_id: str, capability_rules: antimatter.builders.capability.CapabilityRulesBuilder, facts: antimatter.builders.fact_policy.FactPoliciesBuilder, path: str, operation: str | antimatter.constants.domain_policy.Operation, result: str | antimatter.constants.domain_policy.Result, priority: int, disabled: bool = False) None#

Update a domain policy rule by ID.

Parameters:

  • rule_id – The ID of the rule to update

  • capability_rules – Rules referring to domain identity capabilities. These rules are ANDed together

  • facts – Assert the existence or nonexistence of facts that reference the capability rules. These assertions will be ANDed together, and ANDed with the capability rules.

  • path – The path this rule governs. May contain glob expressions (e.g. ‘*’ and ‘**’)

  • operation – The operation to apply the policy to

  • result – Whether to ‘allow’ or ‘deny’ the operation performed that matches this rule

  • priority – The priority of this rule. Lower priority rules are evaluated first

  • disabled – If this rule is disabled or not

renumber_policy_rules() List[Dict[str, Any]]#

Re-assign rule priority numbers for the session’s domain to integer multiples of 10

Returns:

The full list of renumbered policy rules in this domain